1. Field of the Invention
The present invention relates to computer security in general, and to a method and apparatus for protecting content stored on a computerized device from physical attack attempted at the device.
2. Discussion of the Related Art
Many organizations employ a computing environment comprising a central host computer connected, through a communication channel such as a wide area network (WAN) or local area network (LAN), to one or more remote stations. The remote stations are generally stationary, continuously active, and connected to the central computer. Sensitive data may be stored both on the central computer and on the remote stations. The central computer is usually tightly secured, for example by being locked in a room with limited access, by a physical lock, or by other measures. However, the remote computers are often dispersed over a wide area, including for example separate buildings, so tight security measures cannot always be applied to each remote computer. Thus, data stored on a remote computer may be available to an attacker who physically captures the remote computer or a part thereof, such as a hard disk, disconnects it from the communication channel, and possibly takes it to another location for further inspection. Another type of attack may comprise the attacker installing a “Trojan Horse” application, i.e. an application that collects data from the ongoing usage of the computer, including files, folders, nicknames, passwords or the like, and stores it for later use, when the installer of the Trojan Horse physically captures the computer. Another security hazard arises when an attacker alters the root partition of a computer to disable a remote host protection (such as a firewall), and then starts up the computer and breaks into the network.
A number of solutions have been suggested to these security problems. One solution was suggested by Levy et al. in U.S. Pat. No. 5,748,744 titled SECURE MASS STORAGE SYSTEM FOR COMPUTERS, which discloses storing data on the remote computer as ciphertext, wherein the keys are stored on the medium itself. Thus, the attacker has access both to the key and to the data, so he can use the key to decipher the data. Another solution was suggested by Corder in U.S. Pat. No. 7,069,447 titled APPARATUS AND METHOD FOR SECURE DATA STORAGE, which suggests storing confidential data using data encryption and user authentication. Attempts to attack data stored on a computer through multiple unsuccessful login attempts are detected during user authentication, and the users are locked out. However, if an attacker does possess a password, the data is available to him even when the computer has been removed from the organization. An additional drawback is that U.S. Pat. No. 7,069,447 requires an interactive session for accessing the encrypted data, and is thus not suitable for appliances or servers.
There is therefore a need for a solution that will prevent an attacker from accessing data stored on a computer once the computer has been removed from a network connecting it to a central computer. The solution should also protect the data from unauthorized access to the computer even when it is connected to the network.